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DETAILED ACTION 

1 . Applicant's RCE filed on September 9, 2005 has been entered. Claims 1- 
3, 5-41, and 43-53 are pending. Claims 1, 10, 18, 26, 34, 44, 49, and 50 are amended 
by the applicant. Claims 4 and 42 are also canceled by the applicant. 

Claim Objections 

2. Claims 1 and 34 are objected to because of the following informalities: 

a. Referring to claim 1: 

There is a typo in a word "plucality" of page 2, line 7 in Claims 

section. 

b. Referring to claim 34: 

There is a typo in a word "gtoken" of page 13, line 24 in Claims 

section. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-2, 5-14, 16-22, 24-30, 32-38, 40, 43-47, 49-53 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Baltzley (US 6,154, 543), and further in 
view of Chandra et al (US 4,81 7,140). 

a. Referring to claim 1: 
i. Baltzley teaches: 

(1 ) a plurality of client computers, a server, and a plurality 
of computer readable media, wherein each computer readable medium (i.e., floppy disk, 
compact disc (CD), etc.) within said plurality of computer readable media is 
transportable to each client computer in said plurality of client computers and is 
readable and writable within each client computer in said plurality of client computers 
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[i.e., the public key cryptosystem with roaming user capability comprises a 
network having multiple client computers and multiple encryption servers. The 
network allows secure communication between the client computers and the 
encryption servers (column 2, lines 21-25). In addition, Figure 1 shows one 
embodiment of the public key cryptosystem with roaming user capability 200 of 
the present invention within a communication network system 1000 comprising 
an encryption server 105 connected to a network of multiple client machines 110 
through communication channels 115 which may each be comprised of a secure 
socket layer (column 4, lines 7-13). Figure 2 shows a client machine 110 which 
can comprise incoming and outgoing communication channels 115, a memory 
205, and one or more processors 210, such as microprocessors or digital signal 
processors. Memory 205 can include any storage medium (i.e., floppy disk, 
compact disc (CD), etc., which transferable from one machine to the other), 
including RAM, a hard drive, and tape memory (column 4, lines 18-23)], 

(2) said server generates a secure transfer key pair and 
encrypts a private key of said secure transfer key pair [i.e., as depicted in Figure 3 
(see associated descriptions for details)], 

(3) said secure transfer key pair is transferred to each of 
said client computers in said plurality thereof with said private key of said secure 
transfer key pair in an encrypted form [i.e., the Enabler computer program 
communicates with the Server computer program to enable a user to both read 
encrypted digital messages sent to him or her and send encrypted digital 
messages to other users. To read encrypted digital messages sent to a user, the 
user is first prompted for a passphrase. The passphrase is then hashed and 
transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 
private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
38-47)], and 



Application/Control Number: 09/802,200 
Art Unit: 2135 



Page 4 



(4) each client computer in said plurality thereof is 
programmed to generate token data including said portion of said token data encrypted 
with a public key of said secure transfer key pair, to record said token data on a 
computer readable medium in said plurality of computer readable media, to read said 
token data from a computer readable medium in said plurality of computer readable 
media, to decrypt said private key of said secure transfer key pair, to decrypt said 
portion of said token data with said private key of said secure transfer key pair, and to 
be enable to perform (i.e., read, write, or edit, etc..) a predetermined task after 
decrypting said portion of said token data [i.e., as depicted in Figures 5 and 7 (see 
associated descriptions for details in column 5, lines 8-61 and column 6, line 53 
through column 7, line 11). In addition, Figure 1 shows one embodiment of the 
public key cryptosystem with roaming user capability 200 of the present 
invention within a communication network system 1000 comprising an encryption 
server 105 connected to a network of multiple client machines 110 through 
communication channels 115 which may each be comprised of a secure socket 
layer (column 4, lines 7-13). Figure 2 shows a client machine 110 which can 
comprise incoming and outgoing communication channels 115, a memory 205, 
and one or more processors 210, such as microprocessors or digital signal 
processors. Memory 205 can include any storage medium (i.e., floppy disk, 
compact disc (CD), etc., which transferable from one machine to the other), 
including RAM, a hard drive, and tape memory (column 4, lines 18-23). In order to 
read encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1 ) encrypted/decrypted portion of token data. 

iii. Chandra, on the other hand, teaches: 
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(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.c. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 

v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 

mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

b. Referring to claim 2: 

i. Baltzley further teaches: 

(1) wherein each client computer in said plurality thereof 
generates a platform key pair, a public key of said platform key pair is transferred to 
said server [i.e., as depicted in Figure 5 (see associated descriptions for details)], 
and 

(2) said secure transfer key pair is transferred to each of 
said client computers in said plurality thereof with said private key of said secure 
transfer key pair encrypted with said public key of said platform key pair of said client 
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computer, and each client computer in said plurality thereof stores said secure transfer 
key pair with said private key of said secure transfer key pair encrypted with said public 
key of said platform key pair and subsequently decrypts said private key of said secure 
transfer key pair with said private key of said platform key pair [i.e., as depicted in 
Figures 5 and 7 (see associated descriptions for details in column 5, lines 8-61 
and column 6, line 53 through column 7, line 11)]. 

c. Referring to claim 4: 

i. This claim is canceled by the applicant (see Amendments to 
Claims filed by applicant on September 9, 2005). 

d. Referring to claim 5: 

i. Baltzley further teaches: 

(1) each client computer in said plurality of client 
computers includes an input device for providing a numeric input [i.e., referring to 
Figures 1 and 2, a client machine 110 includes a keyboard (not label) for entering 
input data (see associated descriptions for details), 

(2) said portion of said token data includes a PIN, each 
client computer in said plurality of client computers, after decrypting said portion of said 
token data read from said computer readable medium, compares said PIN included 
within said token data with said numeric input provided through said input device, and 
each client computer within said plurality of client computers is enabled to perform a 
predetermined task in response to determining an equivalence between said PIN and 
said numeric input provided through said input device [i.e., the Enabler computer 
program communicates with the Server computer program to enable a user to 
both read encrypted digital messages sent to him or her and send encrypted 
digital messages to other users. To read encrypted digital messages sent to a 
user, the user is first prompted for a passphrase (which includes PIN or 
password). The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
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any digital messages he has received. In addition, Baltzley's invention provides 
an important technical advantage by providing a way to securely store a user's 
private key on an encryption server by symmetrically encrypting it with a 
passphrase so that no one but the user has access to it (column 2, lines 38-58)]. 

e. Referring to claim 6: 

i. Baltzley further teaches: 

(1) said system additionally comprises a communications 
network connecting said server with each of said client computers in said plurality 
thereof [i.e., Figure 1 shows one embodiment of the public key cryptosystem with 
roaming user capability 200 of the present invention within a communication 
network system 1000 comprising an encryption server 105 connected to a 
network of multiple client machines 110 through communication channels 115 
which may each be comprised of a secure socket layer. The public cryptosystem 
with roaming user capability 200 may have a firewall or any other security devices 
placed between the encryption server 105 and the client machines 110 to further 
secure the encryption server 105 from being hacked or broken into (column4, 
lines 6-16)], and 

(2) said secure transfer key is transmitted over said 
communications network from said server to each of said client computers in said 
plurality thereof with said private key of said secure transfer key pair in said encrypted 
form [i.e., referring to Figure 6, in step 620, the encryption server 105 
authenticates the hashed passphrase and transmits the encrypted private key 320 
back to the client computer 110 (column 6, lines 9-12)]. 

f. Referring to claim 7: 

i. Baltzley further teaches: 

(1) wherein each client computer in said plurality thereof 
generates a platform key pair and transmits a public key of said platform key pair to said 
server over said communications network, said server transmits said secure transfer 
key pair over said communications network to each of said client computers in said 
plurality thereof with said platform key pair of said client computer, and each client 
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computer in said plurality thereof stores said secure transfer key pair with said private 
key of said secure transfer key pair encrypted with said public key of said platform key 
pair and subsequently decrypts said private key of said secure transfer key pair with 
said private key of said platform key pair [i.e., the client computer executes a New 
User computer program and an Enabler computer program to facilitate secure 
communication. Both the New User computer program and the Enabler computer 
program communicate with a Server computer program located on the encryption 
server. The New User computer program communicates with the Server 
computer program to generate a public/private key pair, a user identifier, and a 
user passphrase. The private key is then encrypted with the user passphrase 
yielding an encrypted private key, which is transmitted with the public key to the 
encryption server. The Enabler computer program communicates with the Server 
computer program to enable a user to both read encrypted digital messages sent 
to him or her and send encrypted digital messages to other users. To read 
encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 26-47)]. 

g. Referring to claim 8: 

i. This claim has limitations that is similar to those of claim 1, 
thus it is rejected with the same rationale applied against claim 1 above. 

h. Referring to claim 9: 

i. This claim has limitations that is similar to those of claim 7, 
thus it is rejected with the same rationale applied against claim 7 above. 

i. Referring to claim 10: 

i. Baltzley teaches: 

(1) receiving a secure transfer key pair generated within 
a server separate from said plurality of computer systems; storing said secure transfer 
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key pair [i.e., referring to Figure 3, the private key is then encrypted with the user 
passphrase yielding an encrypted private key, which is transmitted with the 
public key to the encryption server 105 for storing (column 2, lines 35-37). As a 
matter of fact, once the passphrase is hashed and transmitted to the encryption 
server for authentication. The New User computer program communicates with 
the Server computer program to generate a public/private key pair, a user 
identifier, and a user passphrase. Once the hashed passphrase is authenticated, 
the encryption server transmits (emphasis added) the user's encrypted private 
key back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 44-48 
and refer to Figure 6 for further details). It is further understood that a client 
machine or computer or device is also a client/server. The rejection is also 
applied to those claims with similar limitations]; 

(2) after storing said secure transfer key pair, in response 
to an indication that token data is to be recorded, encrypting a portion of said token data 
with a public key of said secure transfer key pair; and recording said token data, 
including said portion of said token data encrypted with said public key of said secure 
transfer key pair on a computer readable medium [i.e., the Enabler computer 
program and the Server computer program also work in conjunction to send 
encrypted digital messages. Once a digital message is generated, it is encrypted 
with a client recipient's public key. The encrypted message is then transmitted to 
the client recipient computer (column 2, lines 49-57)]; and 

(3) after storing said secure transfer key pair, in response 
to an indication that token data is to be read, reading said token data from a computer 
readable medium, and decrypting a portion of said data with a private key of said secure 
transfer key pair, and being enable to perform a predetermined task after decrypting 
said portion of said data [i.e., to read encrypted digital messages sent to a user, the 
user is first prompted for a passphrase. The passphrase is then hashed and 
transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 



Application/Control Number: 09/802,200 
Art Unit: 2135 



Page 10 



private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
40-48). In order to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1 ) encrypted/decrypted portion of token data. 

iii. Chandra, on the other hand, teaches: 

(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.e. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 

v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 

mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
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right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

m. Referring to claims 1 1, 19, 27, 35, 47, and 52: 

i. These claims have limitations that is similar to those of claim 
7, thus they are rejected with the same rationale applied against claim 7 above, 
k. Referring to claims 12, 20, 28, 36, and 40: 

i. These claims have limitations that is similar to those of claim 
2, thus they are rejected with the same rationale applied against claim 2 above. 
I. Referring to claim 13: 

i. Baltzley further teaches: 

(1 ) wherein said secure transfer key pair is read from 
a computer readable medium [i.e., to read encrypted digital messages sent to a 
user, the user is first prompted for a passphrase. The passphrase is then hashed 
and transmitted to the encryption server for authentication. Once the hashed 
passphrase is authenticated, the encryption server transmits the user's encrypted 
private key back to the client computer, where it is decrypted. The user may now 
use the private key to read any digital messages he has received (column 2, lines 
40-48)]. 

m. Referring to claims 14, 22, 30, and 38: 

i. These claims have limitations that is similar to those of 
claims 2 and 7, thus they are rejected with the same rationale applied against claims 2 
and 7 above. 

n. Referring to claims 16, 24, and 32: 

i. These claims have limitations that is similar to those of claim 
1 , thus they are rejected with the same rationale applied against claim 1 above, 
o. Referring to claims 17, 25, 33, 43, and 49: 

i. These claims have limitations that is similar to those of claim 
5, thus they are rejected with the same rationale applied against claim 5 above, 
p. Referring to claims 18 and 26: 
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i. These claims have limitations that is similar to those of claim 
10, thus they are rejected with the same rationale applied against claim 10 above, 
q. Referring to claims 21, 29, 37, and 53: 

i. These claims have limitations that is similar to those of claim 
13, thus they are rejected with the same rationale applied against claim 13 above, 
r. Referring to claim 34: 
i. Baltzley teaches: 

(1) generating a secure transfer key pair within a server 
(i.e., standalone system) separate from said local computer and from said remote 
computer [i.e., as a matter of fact, once the passphrase is hashed and transmitted 
to the encryption server for authentication. The New User computer program 
communicates with the Server computer program to generate a public/private key 
pair, a user identifier, and a user passphrase. Once the hashed passphrase is 
authenticated, the encryption server transmits (emphasis added) the user's 
encrypted private key back to the client computer, where it is decrypted. The 
user may now use the private key to read any digital messages he has received 
(column 2, lines 4448 and refer to Figure 6 for further details). It is further 
understood that a client machine or computer or device is also a client/server 
(i.e., a standalone system). The rejection is also applied to those claims with 
similar limitations]; transferring a secure transfer key pair from said server to said 
local computer; storing said secure transfer key pair within said local computer [i.e., to 
read encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 38-47)]; 

(2) establishing communication between said remote 
computer and said server [i.e., Baltzley's invention provides another important 
technical advantage by providing a way to securely store a user's private key on 
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an encryption server so a user may access the private key from any client 
machine on the encryption server network, thus providing roaming capability 
(column 2, lines 59-63)]; 

(3) transferring said secure transfer key- pair from said 
server to said remote computer; storing said secure transfer key pair within said remote 
computer [i.e., to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 38-47)]; 

(4) encrypting said portion of said token data within said 
local computer with a public key of said secure transfer key pair [i.e., once a digital 
message is generated, it is encrypted with a client recipient's public key (column 
2, lines 51-52)]; 

(5) recording said token data, including said portion of 
said token data encrypted with said public key of said secure transfer key pair, within 
said local computer on a computer readable medium; transporting said computer 
readable medium from said local computer to said remote computer; reading said token 
data, including said portion of said token data encrypted with said public key of said 
secure transfer key pair, within said remote computer from said computer readable 
medium; decrypting said portion of said token data within said remote computer with a 
private key of said secure transfer key pair; and enabling said performance of said 
predetermined task in said remote computer in response to decrypting said portion of 
said token data [i.e., as depicted in Figures 5 and 7 (see associated descriptions 
for details in column 5, lines 8-61 and column 6, line 53 through column 7, line 11; 
and column 2, lines 38-48)]; 

(6) reading said token data, including said portion of said 
token data encrypted with said public key of said secure transfer key pair, within said 
secure transfer key pair, within said remote computer from said computer readable 
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medium; decrypting said portion of said token data within said local computer with a 
private key of said secure transfer key pair [i.e., as depicted in Figures 5 and 7 (see 
associated descriptions for details in column 5, lines 8-61 and column 6, line 53 
through column 7, line 11)]; 

(7) enabling said performance of a predetermined task 
within said local computer in response to decrypting said portion of said token data [i.e., 
in order to read encrypted digital messages sent to a user, the user is first 
prompted for a passphrase. The passphrase is then hashed and transmitted to 
the encryption server for authentication. Once the hashed passphrase is 
authenticated, the encryption server transmits the user's encrypted private key 
back to the client computer, where it is decrypted. The user may now use the 
private key to read any digital messages he has received (column 2, lines 40-48)]. 

ii. However, Baltzley does not explicitly mention: 

(1 ) encrypted/decrypted portion of token data. 

iii. Chandra, on the other hand, teaches: 

(1) In accordance with Chandra's invention software can 
be distributed on magnetic media (such as tape or floppy disk) or by other means 
(telephone lines, cable or broadcast transmission). The software is partitioned into an 
encrypted portion P.sub.e and an unencrypted (clear text) portion P.sub.c. The choice 
of the partitioning is made by the software vendor with the understanding that only the 
encrypted portion will be protected from piracy. The encrypted portion, P.sub.e of the 
software will be decrypted and executed by a physically and logically secure 
coprocessor if the coprocessor possesses the decryption key which embodies the right 
to execute. The protected part of the software is, thus, never exposed in plaintext form 
and never executed by unauthorized systems (column 3, lines 52-66). 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) mention/include a software asset protection 
mechanism (in Baltzley) which is based on the separation of the software to be 
protected from the right to execute that software (see abstract of Chandra). 
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v. The ordinary skilled person would have been motivated to: 
(1) mention/include a software asset protection 
mechanism (in Baltzley) because the typical software purchaser may still duplicate at 
will the software he has received from the vendor. However, he cannot duplicate the 
right to use the software; in fact he receives a single right to use the software (column 
3, lines 39-43 of Chandra). 

s. Referring to claim 44: 

i. This claim has limitations that is similar to those of claim 34, 
thus it is rejected with the same rationale applied against claim 34 above, 
t. Referring to claim 50: 

i. This claim has limitations that is similar to those of claims 1 
and 34, thus it is rejected with the same rationale applied against claims 1 and 34 
above. 

u. Referring to claim 51: 

i. This claim has limitations that is similar to those of claim 2, 
thus it is rejected with the same rationale applied against claim 2 above. 

Claim Rejections - 35 (JSC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 3, 15, 23, 31, 39, 41, and 48 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Baltzley (US 6,154, 543), and further in view of Taaffe (US 
4,747,139). 

a. Referring to claim 3: 

i. Baltzley further teaches: 

(1) each client computer in said plurality thereof includes 
a security subsystem having a subsystem processor and subsystem storage [i.e., 
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Figure 2 shows a client machine. 110 which can comprise incoming and outgoing 
communication channels 115, a memory 205, and one or more processors 210, 
such as microprocessors or digital signal processors. Memory 205 can include 
any storage medium, including RAM, a hard drive, and tape memory. The 
processors 210 are electrically connected to the memory 205 and have access to 
a New User computer program 215 and an Enabler computer program 220 
(column 4, lines 18-25), 

(2) each client computer in said plurality thereof 
generates a hardware key pair within said security subsystem, a private key of said 
platform key pair is encrypted with said hardware public key and is decrypted with said 
hardware private key in said security subsystem before said private key of said platform 
key pair is used to decrypt said private key of said secure transfer key pair within said 
security subsystem [i.e., the client computer executes a New User computer 
program and an Enabler computer program to facilitate secure communication. 
Both the New User computer program and the Enabler computer program 
communicate with a Server computer program located on the encryption server. 
The New User computer program communicates with the Server computer 
program to generate a public/private key pair, a user identifier, and a user 
passphrase. The private key is then encrypted with the user passphrase yielding 
an encrypted private key, which is transmitted with the public key to the 
encryption server. The Enabler computer program communicates with the Server 
computer program to enable a user to both read encrypted digital messages sent 
to him or her and send encrypted digital messages to other users. To read 
encrypted digital messages sent to a user, the user is first prompted for a 
passphrase. The passphrase is then hashed and transmitted to the encryption 
server for authentication. Once the hashed passphrase is authenticated, the 
encryption server transmits the user's encrypted private key back to the client 
computer, where it is decrypted. The user may now use the private key to read 
any digital messages he has received (column 2, lines 26-48)]. 

iL However, Baltzley does not explicitly mention: 
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(1) generates a hardware key pair, a private key of said 
hardware key pair is stored in said subsystem storage. 

iii. Whereas, Taaffe teaches: 

(1) In one application of the invention, a hardware key 
generator may be permanently fixed in a computer system and the system may further 
include means for both encripting and decripting software or data. Prior to transmitting 
information from the system, as to a storage unit, the information is encrypted using the 
system encryptor and a key generated by the key generator. The encrypted information 
is not usable without the key generator module in the system. Preferably the encryptor 
is positioned between the CPU bus and each input/output controller. Preferably, the 
key generator provides the encryptor with the key pair for encryption and transmission 
(column 3, lines 42-60). The hardware module may be combined with a storage 
medium in a software package. The decryption routines and a key sequence to be 
applied to the key generator are stored with the application software on the storage 
medium (see abstract). 

iii. It would have been obvious to a person haying ordinary skill 
in the art at the time the invention was made to: 

(1) thoroughly point out or include such hardware key 
generator for generating/storing a hardware key pair (in Baltzley) to protect software 
from unauthorized copying and unauthorized access (column 1, lines 13-14 of Taaffe). 

iv. The ordinary skilled person would have been motivated to: 
(1) thoroughly point out or include such hardware key 

generator for generating/storing a hardware key pair (in Baltzley), since unauthorized 
access to data is a large problem for the data processing community and the military. 
Unauthorized access can take many forms, from the casual looking at data on a 
terminal connected to the computer to the theft of some sort of storage medium, disk, 
tape, floppy, etc., with subsequent use of the data on another computer (column 1, line 
66 through column 2, line 4 of Taaffe). 

b. Referring to claims 15, 23. 31. 39. 41. and 48: 
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i. These claims have limitations that is similar to those of 
claims 3 and 7, thus they are rejected with the same rationale applied against claims 3 
and 7 above. 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Thanhnga (Tanya) Truong whose telephone number 
is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kim Vu can be reached on 571-272-3859. The fax and phone 
numbers for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 571- 
272-2100. 



TBT 

September 30, 2005 




